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® Classified document transmission control. 



® A method is disclosed for notrfying both the 
source and intended recipient of a classified elec- 
tronic message transmitted via a computer network 
of a delivery restriction imposed by an insufficient 
classification level at the redpienrs system. A re- 
quired classification level is transmitted by the 
source of a classified electronic message in associ- 
ation with each classified electronic message and an 
indication of each classified eiectronic message is 
stored in an output tog at the source system. Prior to 

a permitting deOvery of a classified electronic mes- 
sage, the required ciassiffcation level is then com- 
pared to the classificatfon level of the intended re- 
CDdpient Delivery of a classified electronic mess^ is 
W automatically restricted in response to an insuffident 
classification level at the redplenTs system and a 
Wstatus message is then transmitted to either or both 
JJJthe source and the intended redpient of the das- 
sified electronic message. The redpient may be 
O automatically prompted to attempt to ot^ a das- 
(^sification upgrade or forward th message to an 
LUattemate redpient in* response to such restriction. 
Additionally, the method penmits an undelivered 
message to be destroyed by the source, the redpi- 



ent, or the system In response to the failure of 
delivery. 
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CLASSIFIED DOCUMENT TRANSMISSION CONTROL 



DESCRIPTION 



This invention relates generally to classified 
document transmission control In computer net- s 
works and provides the basis for providing notifica- 
tion to both the source and recipient of classified 
electronic messages which are undefiverable due 
to classification restrictions. 

The electronic mail is rapidly supplanting Post w 
Office mail as a means for communicating between 
individuals. One significant advantage of electronic 
mail is that the trmsmission time associated with 
each electronic mail message is ordinarily only 
seconds, or fractions of a second, as compared to is 
Post Office mail which ordinarily requires several 
days. 

The mailing tinr^e associated with Post Office 
mail often causes significant delay In the conduct 
of business and has been largely Ignored, and 20 
consequently tolerated, until the advent of Express 
Mail services and electronic mail. Cunrently, this 
widespread delay of business is identified as 
"float" and the minimising or eliminating of this 
float has become one goal of business managers. 25 
effidency experts arxl others hoping to rrwa^ase 
societal productivity. 

The widespread use of electronic mail systems 
have given rise to a problem of security. That Is. 
the wonisome problem of delivering a sensitive 30 
electronic mail message to the terminal of a third 
party only to have that message intercepted and 
read by another due to a lack of sufficient security 
at the recipienf s terminal. Recently a method has 
been proposed whereby the delivery of a classified 35 
message will be automatically cancelled If the re- 
cipienfs system profile does not match a pre- 
established profile which has been transmitted with 
the message. While this represents an enhance- 
ment over known electronic mail systems by pro- 40 
viding a system with the ability to automatically 
proscribe the delivery of a classified message to a 
recipient whose recipient profile does not match 
the pre-est^lished profile established by the 
source of the classified message, it does not ad- 45 
dress the problem of how to proceed once delivery 
of a classified message has been cancelled. 

Thus, it should be obvious that a need exists 
for a method whereby the delivery and receipt of 
sensitive electronic messages may be carefully re- so 
stricted and whereby the source and recipient of 
such electronic messages may receive notification 
indfcating the delivery or non-delivery status of a 
classified message. 

It is therefore one object of the present inven- 



tion to provide an improved electronic message 
system. 

The present invention provides, in a computer 
networic. a method for automatically notifying the 
source of a classified electronic message transmit- 
ted via the computer networic of a delivery restric- 
tion imposed by the classification level of the re- 
cipient, comprising the steps of: 
transmitting a required classification level to be met 
by a valid receiver in association with an etectronk: 
message to a selected recipient via a computer 
network; 

automatically- comparing the transmitted required 
classification level with the classification level of the 
selected recipient 

automatically restricting delivery of the electronic 
message to the selected recipient in response to 
the failure of the classification level of the selected 
recipient to meet or exceed the transmitted re- 
quired classification level; and 
automatically transmitting the status of the delivery 
to the source. 

Such an arrangement is thought to provide an 
irnproved electronic message system which per- 
mits restriction of the delivery and receipt of clas- 
sified electronic messages while providing a no- 
tification to both the source and recipient regarding 
the non-delivery of such messages and can also be 
arranged to provide notification to a designated 
third party in ttie event of such restriction. 

In one anrangement of the present invention, a 
required classification level is transmitted by the 
source of a classified electronic message in associ- 
ation with each classified electronic n>essage and 
an indication of each such classified electronic 
message is stored in an output tog at the source 
system. Prior to permitting delivery of a classified 
electronic message, the required classification level 
is then compared to tiie classification level of the 
intended recipient. Delivery of a classified elec- 
tronic message Is automatically restricted in re- 
sponse to an insuffident dassification level at the 
redpienf s system and a status message is then 
automatically transmitted to either or both the 
source and the intended redpient of the classified 
electronic message. It is prefenrod also to provide 
for the transmittal of a status message to a des- 
ignated third party, such as a system operator. As 
disctosed, the receipt of a classified message bear- 
ing a dassification higher than that of ttie intended 
redpient will cause the system to automatically 
prompt the Intended redpient to attempt to obtain a 
dassification upgrade or to forward tfw message to 
an alternate redpient bearing the proper classifica- 
tion level. Additionally, ttie mettKXl of ttie present 
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invention permits an undelivered message to be 
destroyed by th sourc , th recipient or the sys- 
tem in response to ttie failure of d livery. 

Th present invention will be descril^ed further 
by way of xample with reference to an embodi- 
ment thereof as illustrated in the accompanying 
drawings, in which: 

Rgure 1 depicts, in block diagram form, a 
Local Area Network (LAN) which links multiple us- 
ers in a system wherein electronic messages may 
be transmitted; 

Rgure 2 depicts a \oq\c fk)w chart illustrating 
the operations performed in transmitting a message 
in system; and 

Rgure 3, in sections A and B. is a bgic fk>w 
chart illustrating the opefatk)ns involved at recep- 
tion. 

A Local Area Network (LAN) 10 is a self-corv 
tained computer network linkir>g a plurality of users. 
As is illustrated. Users A. B, C. and D are each 
linked in Local Area Network (LAN) 10 and are 
capable of freely communicating electronic mes- 
sages between one arK>ther within Local Area Net- 
work (LAN) 10. Those skilled in the art will appre- 
ciate that while a Local Area Network (LAN) 10 is 
depicted in Rgure 1, the electronk: message meth- 
od disclosed herein may be used with other such 
systems such as a plurality of interactive work 
stations whk^h are each coupled to. a host com- 
puter. 

Ihe disctosed arrangement peonits a transmit- 
ter to transmit a classified electronic message to a 
particular redpient and automatically generate no- 
tification messages to the recipient, a designated 
tinird party, and the source system in the event that 
delivery of the classified electronic message is not 
accomplished due to an insufficient classification 
level at the redpient system. Some of the activities 
involved can be thought of as takir^g place at 
transmission or in a a "transmission system* and 
some may be thought of as occurrirtg at reception 
or in a "reception system." 

The transmissk>n part of the disclosed opera- 
tion is depicted in togic ftow chart form in Rgure 2, 
while the counterpart reception operation is de- 
picted in k>gic fk>w chart fonti in Rgure 3. Rgure 2 
and Rgures 3A and 38 shouki be read togetiier to 
fully understand the disdosed anrangement where- 
by notifteation of the inability of a redpient to 
receive a classified electronk: message may be 
automatically transmitted to designated parties. Ad- 
ditionally, each user depicted in Rgure 1 may 
consist of an Indivkiual, or a computer system, 
such as a personal computer. 

Referring now to Rgure 2. the operation of tfie 
transmtsskm system will now be described, with 
occaskxYal reference to Rgure 1. for purpose of. 
exposition. As depicted in bk)ck 14. the operation 



is begun by the selection of an electronic message 
for transmission at tiie transmission system. Those 
skilled in the art will appredate that the selection of 
a particular message for transmission involves not 
5 only the s lection of the message content but also 
the specification of the recipient or recipients for 
tiiat particular message. Therefore, the selection of 
a particular message for transmission, as depicted 
in bk)ck 14, shall be assumed to include such 

10 specifications. Next, block 16 is used to illustrate 
whether or not the message selected for transmis- 
sion requires a particular classification level. If not. 
tiie particular message selected by block 14 is 
transmitted via Local Area Network (LAN) 10 (see 

15 Rgure 1) in a manner well known in ttie art, as 
illustrated in bkx:k 18. 

In the event ttie electronic message selected 
for transmission as illustrated in bkx:k 14 requires a 
classification level, as depicted in block 16. then 

20 block 20 illustrates tiie setting of a particular das- 
sification level. Those skilled in the art of electronic 
message systems will appredate tfnat each individ- 
ual establishment may generate its own classifica- 
tion level system and that such systems may differ 

25 in ttie number and priority of dassiftoations which 
are available. Next, an indication of tiie message 
and the classification level seleded is entered in 
the output \oQ for the transmisskm system, as 
illustrated in block 22. Thereafter. bkx:k 24 is used 

30 to detemnine whetiier or not encryption is required. 
If no encryption is desired, the message is trans- 
mitted via ttie network, as illustrated in block 18. If, 
however, encryption is required, then block 26 illus- 
trates ttie encryption of ttie classified electronic 

35 message, by any technique known in the prior art. 
prior to transmission of ttie message via ttie net- 
woric. as illustrated in block 18. 

Witti reference now to Rgures 3A and 38. 
there are depicted the operations which take place 

40 at tiie recipient's system. This part of the operation 
begins at the redpienf s system with the receipt of 
a particular message, as illustrated in block 30. 
Next bkx^k 32 is used to determine whether or not 
the electronic message received in block 30 is 

45 classified. If the message received is not classified, 
ttie message Is ttien placed in ttie redpienfs in 
box. as illustrated in bkx^ 34. 

In the event the electrons message received at 
the redpient's system is classified, ttien block 36 

50 depicts ttie retrieval of the redpienf s classification, 
which, in the disdosed arrangement. Is stored witti- 
in a redpient profile associated witti each recipient 
within the network. 

Next block 38 illustrates a determination of 

55 whetiier or not the classification level required by 
ttie message received at the redpient's system is 
met by the redpient's classification level. H the 
recipient possesses a suitable classification level to 
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receive the classified electronic message, then 
block 40 illustrates the transmittal of an arrival 
notice back to tfw source of the classified message 
and the pladng of the message into the recipient's 
in box. as illustrated In block 34. 5 

In the event the redpient's classification level 
is not sufficiently high to receive the classified 
electronic message received at the redpienf s sys- 
tem, then block 42 illustrates the placing of a denial 
notification in the recipient's input log. Of course, 10 
those skilled in the art wll appredale that such a 
denial notification may be carefully crafted to in- 
dicate to the redpn'ent that a classified electronic 
n>essage has arrived for which the recipient does 
not possess a suffidentty high dassification level. is 
This may be done simply and easily without in- 
dicating the nature of the classified electronic mes- 
sage. 

Next, btock 44 depk:ts the transmittal of a non- 
delivery notice to the source and any designated 20 
third parties. One important feature of the disdosed 
anrangement is that the notification of non-delivery 
whidi is automatically generated for the source of 
the dassified electronic message may also be di- 
rected automatically to the system operator or any 25 
other designated third party. In this manner, the 
system may establish suitable techniques for deal- 
ing with undelivered classified eiectronk; message 
which are unique to a particular system without the 
necessity of requiring that all systems using this 30 
method treat undelivered classified electronic mes- 
sages in the same marv)er. 

As illustrated in block 46, the disdosed ar- 
rangement next prompts the redpient to obtain a 
classification upgrade. In this manner, the redpient 35 
may request and often receive a temporary or 
transactional dassification upgrade in order to allow 
htm to receive and review a particular classified 
electronic message. Bkx:k 48 then illustrates a 
detemaination of whether or not the upgrade has 40 
been obtained and. if so, bkx:k 40 illustrates the 
transmittal of an arrival notice to the source. Next 
the classified electronic message is placed In the 
redpienf s in box, as depicted in bkxdc 34. 

In the event tf>e redpient has not obtained a <5 
classification upgrade suitable to permit him to 
review the classified electronic message received, 
then block 50 illustrates the prompting of the re- 
dpient to forward the message to an alt^nate 
redpient For example, the redpient may not pes- so 
sess a suitable classificatk)n level; however, his 
manager may have such a dassification level »xl 
fonwarding of the classified electronfc message to 
the manager will permit communication with the 
intended redpient to take place to the extent the 55 
manager deems it necessary. 

Bkx* 52 now ilkistrates a determinatkxi of 
whether or not the dasafied electronic message 



has been iomsrded to an altemat redpient If so, 
block 54 illustrates a transmittal of a notice to the 
source f the classified electronic messag indicat- 
ing that the classified electronic message has t>een 
fonwarded to an altemate redpient Thereafter, the 
process returns, as illustrated in block 56. to deter- 
mine whether or not the alternate redpient des- 
ignated by the initial recipient possesses a suffi- 
dent classification level to receive the message, as 
illustrated at)ove. 

In the event the redpient has dedined to for- 
ward the classified electronic message to an al- 
ternate redpient. as detennined by block 52, then 
block 58 is used to determine whether or not the 
classified electronic message should be destroyed. 
In the event desfruction of the classified electronic 
message is desired, bkxk 60 may be used to 
determine whether or not the system protocols 
require automatte desfruction of an undelivered 
dassified electronic message. If so, then block 62 
illustrates the destruction of the classified elec- 
tronic message and a return to processing. If auto- 
matic destruction of a dassified electronic mes- 
sage IS not desired, then block 64 illustrates the 
prompting of the source or redpient for a destruct 
command. In this manner, the dassified electronic 
message which may not be delivered can be de- 
stroyed. Rnally. In the event block 58 detennines 
that it is not necessary to destroy the classified 
electronic message, the process ends. 

As those skilled in the art will appredate upon 
reference to the foregdng spedfication. by using 
such an arrangement, there is provided a technique 
whereby the non-delivery of a classified electronic 
message due to the inabifity of the redpient to 
provide a suitable classification level may automati- 
cally generate a notification which will be transmit- 
ted to the source of the classified electronic mes- 
sage, as well as to any designated third party 
within the system. In this manner, users of may 
customise a protocol for handling classified eiec- 
tronk: messages within a individual system which 
may accommodate alnu)st any variation in tech- 
niques for harKiling the delivery or non-delivery of 
dassified electronic messages. Co-pending appli- 
cation {AT9-8&^) relates to similar subject 

matter. 



Claims 

1. In a computer network, a method for auto- 
matically notifying the source of a classified elec- 
tronic message transmitted via tfie computer net- 
work of a delivery restriction imposed by the cias- 
srfication level of the redpient comprising th 
steps of: 

transmitting a required classification level to be met 
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i by a valid receiver in association with an electronic 

' message to a selected recipient via a computer 

network; 

automatically comparing the transmitted required 
classification level with the classification level of the s 
s lected recipient; 

automatically restricting delivery of the electronic 
message to the selected recipient in response to 
the failure of the classification level of the selected 
recipient to meet or exceed the transmitted re- io 
quired classification level; and 
automatically transmitting the status of the delivery 
to the source. 

2. A method as claimed In Claim 1. further 
including storing an indication of each transmitted is 
electronic message along with tfie required clas- 
sification level at the source. 

3. A method as claimed in Claim 2, further 
including storing the transmitted status in associ- 
ation with the stored indication of each transmitted 20 
electronic message. 

4. A method as claimed in any preceding 
Claim, further including automatically transmitting a 
notification of the delivery restriction to the se- 
lected recipient in response to the automatic re- 2s 
striction of delivery. 

5. A method as claimed In Claim 4, further 
including tiie step of prompting the selected recipi- 
ent to request an increased classification level in 
response to the automatic restriction of so 

6. A method as claimed in any preceding 
Claim, further including \he step of prompting the 
source to dispose of the electronic message in 
response to the automatic restriction of delivery. 

7. A metix)d as claimed in any preceding 35 
Claim, further including the step of automatically 
disposing of tfie electronic message in response to 

the automatic restriction of delivery. 

8. A method as claimed in Claim 4 or any 
Claim appendant thereto, further including tiie step 40 
of prompting the selected recipient to request 
transmittal of the electronic message to an al- 
ternate redpient in response to the automatic re- 
striction of delivery. 

45 
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